On a related note, i'm still unsure as to what parameters i need to supply to the restoreTransactionInformation() method.

Based on the docs, it's a "cryptographically secure" number-used-once. The docs also say that the message includes a "signature." is this something i should be able to decrypt somehow to insure it's a legit android market response?

Is there a standard practice for generating Nonces, and verifying signatures?

This is the most complex part of in app billing, I skipped over it to keep this tutorial simple, if you need more information take a look at the BillingSecurity.java class, also it's explained well here: http://developer.android.com/guide/mark ... signatures (Also shows you how to generate nonces).

No not yet, have you experience with the usage of the DEVELOPER_PAYLOAD field with an item which was created on the android market?

Do you maybe know an alternative to the DEVELOPER_PAYLOAD? I'm using unmanaged (managed is not possible for me) items, and the idea was to fill in an id (=primary key from my DB) in the DEVELOPER_PAYLOAD field to identify the async response.

I tried to do the changes in the purchaseStateChanged Activity. After I bought an in-app product and reinstall the whole app this method will be called automatically in order to set the in-app product to PURCHASED. Will there be any security problems if I do the changes in this method ?

Is it possible to retrieve transaction information without an own database? I am pretty confused by the on "getPurchaseInformation", "restoreTransactionInformation", nonces etc.

I wouldn't worry about the security for your first few projects, if you've just got a small app the hackers aren't going to come running. Once you have got the concepts down you can then start to implement more security.

It is only possible to retrieve transactions for 'manages purchases'. These are the one off purchases.

The "manage by user account" purchase type is useful if you are selling items such as game levels or application features. These items are not transient and usually need to be restored whenever a user reinstalls your application, wipes the data on their device, or installs your application on a new device.

Items that are unmanaged do not have their transaction information stored on Android Market, which means you cannot query Android Market to retrieve transaction information for items whose purchase type is listed as unmanaged. You are responsible for managing the transaction information of unmanaged items. Also, unmanaged items can be purchased multiple times as far as Android Market is concerned, so it's also up to you to control how many times an unmanaged item can be purchased.

But I got an Error "BillingHelper is not fully instatiated". It takes to long to start the service. Is there something like OnBillingHelperInstantiatedListener? Where does restoredTransactionInformation save the information?